Campcodes Online Examination System Vulnerable to SQL Injection
CVE-2024-4916

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Online Examination System
Vendor: CVE Published:; 15 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability has been identified in Campcodes Online Examination System 1.0 that allows remote attackers to exploit an SQL injection within the selExamAttemptExe.php file. By manipulating the 'thisId' argument, attackers can inject arbitrary SQL commands into the database, potentially compromising sensitive data and leading to unauthorized data access. This flaw has been disclosed publicly, raising concerns regarding its exploitation by malicious actors.

Affected Version(s)

Online Examination System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-4916 - Proof of Concept